Question 11

Will it be possible to see worm and virus attacks with an enterprise IDS?

That's heavily dependent on the infection vector and how it propagates. Also, the virus/worm might lead to some kind of network activity depending on the payload.
Most vira are spread through email as attachments so in order to reliably detect these one'll have to take into account the whole email. Snort can't do this as it's only inspecting the individual network packages. After the fact detection might be possible if Snort suddenly eg notices smtp trafic from a computer where none such should originate.
If the spreading vector is purely network based, ie the worm is self-propagating, then Snort is able to detect what's happening.